package com.sec.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * REST controller mounted under {@code /sec} whose handlers are protected with
 * annotation-based (fine-grained, per-method) authorization.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@code @PreAuthorize} is only enforced when method security is switched on in the
 *       application configuration (for example {@code @EnableMethodSecurity}, or
 *       {@code @EnableGlobalMethodSecurity(prePostEnabled = true)} on older versions).
 *       That configuration is not part of this file; confirm it exists, because without it
 *       the expressions below are never evaluated.</li>
 *   <li>Neither mapping names an HTTP method, so each handler answers every method,
 *       GET included. Both handlers only return a fixed string today; if they ever change
 *       state, restrict the mapping to a non-safe method so CSRF protection applies.</li>
 *   <li>The class must stay non-final with public handler methods if method security is
 *       applied through class-based proxies.</li>
 * </ul>
 */
@RestController
@RequestMapping(value = "/sec")
public class secController {

    // Response bodies, kept verbatim from the original handlers.
    private static final String ADD_VISIBLE_MESSAGE = "有add权限的能看到";
    private static final String ADMIN_VISIBLE_MESSAGE = "admin角色的能看到";

    /**
     * Handles {@code /sec/add}; the caller must hold the authority {@code add}.
     *
     * @return a fixed confirmation string shown only to callers with that authority
     */
    @PreAuthorize("hasAuthority('add')")
    @RequestMapping(value = "/add")
    public String add() {
        // Note carried over from the original author: the user "xiaoming" can reach this
        // under the "/*" pattern but not under "/pp/**".
        // NOTE(review): presumably refers to URL-pattern rules configured elsewhere; verify.
        String body = ADD_VISIBLE_MESSAGE;
        return body;
    }

    /**
     * Handles {@code /sec/save}; the caller must hold the role {@code ROLE_admin}.
     *
     * <p>NOTE(review): the role string is matched exactly, including case, so the granted
     * authority has to be spelled {@code ROLE_admin}; confirm against the user store.
     *
     * @return a fixed confirmation string shown only to callers with that role
     */
    @PreAuthorize("hasRole('ROLE_admin')")
    @RequestMapping(value = "/save")
    public String save() {
        String body = ADMIN_VISIBLE_MESSAGE;
        return body;
    }
}
